The project brave-intl/bat-go used the classic builder cache system, which is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (the most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of BuildKit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint.
Type of Change
[ ] Product feature
[x] Bug fix
[ ] Performance improvement
[ ] Refactor
[ ] Other
Tested Environments
[x] Development
[ ] Staging
[ ] Production
Before Requesting Review
[x] Does your code build cleanly without any errors or warnings?
[ ] Have you used auto closing keywords?
[x] Have you added tests for new functionality?
[ ] Have validated query efficiency for new database queries?
[ ] Have documented new functionality in README or in comments?
[ ] Have you squashed all intermediate commits?
[x] Is there a clear title that explains what the PR does?
[ ] Have you used intuitive function, variable and other naming?
[x] Have you requested security and/or privacy review if needed
Manual Test Plan
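An added example, not code from this PR or from bat-go: a small audit that flags the conditions the description names, namely a stage built FROM scratch, HEALTHCHECK or ONBUILD instructions, and an explicit DOCKER_BUILDKIT=0 opt-out. The function names and the sample Dockerfile are constructed for illustration; the check cannot see the Docker version or whether the /build API endpoint is in use.

```python
# Added example: flags the build conditions named in the description above.
CACHE_BLIND = {"HEALTHCHECK", "ONBUILD"}  # changes to these did not cause a cache miss

# Constructed sample input, not the bat-go Dockerfile.
SAMPLE_DOCKERFILE = """\
FROM golang:1.21 AS build
RUN go build -o /out/app \\
    ./cmd/app
# final image
FROM --platform=linux/amd64 scratch AS final
COPY --from=build /out/app /app
HEALTHCHECK CMD ["/app", "health"]
"""

def parse_instructions(text):
    """Return (INSTRUCTION, args) pairs, joining backslash line continuations."""
    out, logical = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are ignored, even mid-continuation
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        parts = (logical + line).split(None, 1)
        out.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        logical = ""
    return out

def audit(dockerfile_text, env):
    """Report scratch-based stages, cache-blind instructions and a BuildKit opt-out."""
    report = {"scratch_stages": [], "cache_blind": [], "buildkit_disabled": False}
    stage = -1
    for name, args in parse_instructions(dockerfile_text):
        if name == "FROM":
            stage += 1
            # Skip flags such as --platform=... to reach the image reference.
            tokens = [t for t in args.split() if not t.startswith("--")]
            named = len(tokens) >= 3 and tokens[1].upper() == "AS"
            if tokens and tokens[0] == "scratch":
                report["scratch_stages"].append(tokens[2] if named else str(stage))
        elif name in CACHE_BLIND:
            report["cache_blind"].append(name)
    # An explicit opt-out of BuildKit selects the classic builder.
    report["buildkit_disabled"] = env.get("DOCKER_BUILDKIT") == "0"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_DOCKERFILE, {"DOCKER_BUILDKIT": "0"}))
```
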